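# Manually dispatched release workflow for esoctl. It checks out the requested
# source ref, creates and pushes the requested tag, then runs GoReleaser from
# cmd/esoctl with an imported GPG key available to the job.
name: Create Release for esoctl

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'version to release, e.g. v0.1.0-esoctl'
        required: true
        default: 'v0.1.0-esoctl'
      # NOTE(review): any ref name is accepted here, so whoever may dispatch
      # this workflow decides which code gets tagged and released.
      source_ref:
        description: 'source ref to publish from. E.g.: main or release-x.y'
        required: true
        default: 'main'

# Workflow-wide default is read-only. This is required for the security check
# even though the release job immediately raises contents to write.
permissions:
  contents: read

jobs:
  release:
    name: Create Release for esoctl
    runs-on: ubuntu-latest
    # Write access is used by the tag push below and is available to
    # GoReleaser through GITHUB_TOKEN.
    permissions:
      contents: write
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA corresponds to.
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # Full history instead of a shallow clone.
          fetch-depth: 0
          ref: ${{ github.event.inputs.source_ref }}

      - name: Setup Go
        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34  # v5.3.0
        id: setup-go
        with:
          go-version-file: "go.mod"

      # Skipped when setup-go reports that it restored the cache.
      - name: Download Go modules
        if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
        run: go mod download

      - name: Install Syft
        uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0  # v0.18.0

      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5  # v6.2.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}

      # The version input reaches the script through an environment variable
      # instead of being expanded into the script text, so the shell treats it
      # as data and never as syntax. This job holds contents: write and a GPG
      # private key, which is why the inline expansion was worth removing.
      - name: Check if Tag Exists
        id: check_tag
        env:
          RELEASE_VERSION: ${{ github.event.inputs.version }}
        run: |
          if git rev-parse "${RELEASE_VERSION}" >/dev/null 2>&1; then
            echo "Tag exists."
            exit 1
          fi

      # Same handling as above: input via env, and every use quoted so that
      # whitespace or glob characters in the value are not re-split.
      - name: Create Tag if Not Exists
        if: success()
        env:
          TAG: ${{ github.event.inputs.version }}
        run: |
          git tag "${TAG}"
          git push origin "${TAG}"

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3  # v6.2.1
        with:
          version: '~> v2'
          args: release --clean
          workdir: cmd/esoctl
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GORELEASER_CURRENT_TAG: ${{ github.event.inputs.version }}
          # Presumably consumed by the signing section of the GoReleaser
          # config, which is not part of this file; confirm there.
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}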